SYSSEC: February 2008 Archives


February 28, 2008

One of the main reasons to have a blog is to call a bad idea a bad idea. Here's one. Former FBI Agent Patrick J. Dempsey suggests:
It's obvious that the Internet requires some type of governance. But it is just as obvious that trying to establish this governance through the numerous legal systems might not be practical. The other possibility for governing the Internet, and, more specifically, the criminal activity that occurs on the Internet, would be to change the structure of the Internet. Although I don't support ideas like the "national firewalls" put in place by some countries, this type of solution does afford some level of control over Internet traffic flowing through said country.

However, knowing all the possibilities with disguising or "spoofing" one's information on the Web, I'm not sure that there is a way to truly "protect our borders" when it comes to the Internet. The solution might be to establish two Internets -- the current Internet and a new, more secure Internet where users would be required to register prior to gaining access. Once again, though, we're confronted with the issue of what would be the governing body that would manage the user registrations? Would it be an organization similar to the IANA (Internet Assigned Numbers Authority) or InterNIC that would manage user registrations on the "new" Internet, or do we need to establish an entirely new entity to manage a more secure Internet?

The problem with this idea is it's totally confused about the security problem with the Internet, which has a lot more to do with stupid users and insecure software than it does with failing to authenticate everyone with a modem.

Let's play this out: you set up your new secure Internet. There's already an Internet 2, so let's call it Internet 3 or I3. Anyway, we've got I3 up and running and before they'll give you a connection you have to give them your fingerprint, irisprint, a blood sample and the keys to your car. Of course, if if you want I3 to be useful, you have to let pretty much anyone on, so just like the Internet, I3 is full of hackers. And since your software isn't any more secure than it was before, you're still just as likely to have your machine compromised. Now, it's true that having positive identification for each user might forensics a tiny bit easier: once you've managed to track the user down to the account they initially logged in from, you know who to arrest. But of course, hackers use compromised machines as stepping stones, so tracking them down isn't easy, and of course it's not exactly difficult to steal people's account information and log in as them instead of yourself.

Even if we somehow were able to create an I3 without any hackers on it, it wouldn't stay that way for long. I3 is one big sterile area, so as soon as any significant number of compromises happen it's game over. Initially, I3 is going to be pretty lame, so people are going to use both the Internet and I3. And since the Internet is full of hackers and their machines are compromised and they're going to use the same machines for both the Internet and I3, it's not going to be long before plenty of I3 credentials are circulating in the hacker community. Creating isolated networks is really hard even when you're working in real high security environments. It's basically impossible when you're dealing with millions of people, many of whom are willing to run any random .exe file you send them.